In November, I reported various persistent XSS vulnerabilities in AOL Mail to the AOL Security Team. They replied quickly and fixed the vulnerabilities in less than 90 days. 1. Using an unclosed tag, it was possible to inject arbitrary javascript code. The payload ran as soon as the victim opened the site mail.aol.com because the code … Continue reading Multiple stored XSS in AOL Mail
AGGIORNATO IN DATA 8/03/2018 In data 8/03/2018 ho modificato quasi completamente il post originale, perché ho deciso di impuntarmi e risolvere i miei problemi con Raspbian Stretch. La soluzione adottata in questa versione dell’articolo è senza dubbio migliore della precedente: è più facile, più veloce e ho utilizzato una distribuzione (Raspbian) adatta ad un uso … Continue reading Utilizzare il Raspberry Pi 3 via Termux
INFO Product: Bookly #1 WordPress Booking Plugin (Lite Version) Version: 13.2 Active installations: 10,000+ Product page: https://wordpress.org/plugins/bookly-responsive-appointment-booking-tool/ CVE: 2018-6891 DESCRIPTION An unauthenticated user can inject arbitrary persistent javascript code in the admin panel. PROOF OF CONCEPT Bookly Lite 13.2 and Bookly Pro 14.5 are affected, probably even earlier versions. I think the problem is that jQuery.ajax request is … Continue reading Bookly #1 WordPress Booking Plugin (Lite) 13.2 – Blind Stored XSS
ZOHO Mail is a business mail that includes integrated calendar, contacts, notes, and tasks apps. Initially I was looking for a stored XSS in the webmail, but I did not find it so I started checking the other services. I wondered if it was possible to inject malicious code via attachments in ZOHO Notes. By … Continue reading Stored XSS via cloud attachment
This is my first public disclosure on HackerOne. It is a partial disclosure, but the summary is clear: there was a stored XSS in the image preview feature via crafted attachment filename. #275274 – touch.mail.ru/messages – Stored XSS 07/10/2017 – I send the report 11/10/2017 – The vulnerability is fixed and the bug bounty reward … Continue reading Stored XSS in touch.mail.ru
